---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: docs-builder
  namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: modules-watcher
  namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: {{ .Release.Namespace }}
  name: leases-admin
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: {{ .Release.Namespace }}
  name: leases-reader
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: docs-builder
  namespace: {{ .Release.Namespace }}
subjects:
  - kind: ServiceAccount
    name: docs-builder
    namespace: {{ .Release.Namespace }}
roleRef:
  kind: Role
  name: leases-admin
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: modules-watcher
  namespace: {{ .Release.Namespace }}
subjects:
  - kind: ServiceAccount
    name: modules-watcher
    namespace: {{ .Release.Namespace }}
roleRef:
  kind: Role
  name: leases-reader
  apiGroup: rbac.authorization.k8s.io
